{"vulnerability": "CVE-2026-46414", "sightings": [{"uuid": "7254c6d4-3d96-44a3-be4b-95f9f314c012", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-46414", "type": "seen", "source": "https://bsky.app/profile/postac001.bsky.social/post/3mmuydgdxyu2e", "content": "Microsoft UFO 3.0.1-4-ge2626659\u306b\u304a\u3044\u3066\u3001\u8a8d\u8a3c\u3055\u308c\u305fWebSocket\u30af\u30e9\u30a4\u30a2\u30f3\u30c8\u304c\u507d\u306e\u5f79\u8077\u3092\u9001\u4fe1\u3057\u3001\u4ed6\u306e\u30c7\u30d0\u30a4\u30b9\u306b\u4e0d\u6b63\u306a\u30bf\u30b9\u30af\u3092\u9001\u4fe1\u3067\u304d\u308b\u8106\u5f31\u6027\u304c\u3042\u308b\u3002\nCVE-2026-46414 CVSS 8.8 | HIGH", "creation_timestamp": "2026-05-28T02:34:54.910800Z"}, {"uuid": "41115ffe-0ec0-4144-b7c2-4f52c74475b4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-46414", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mmum2wangr2c", "content": "CVE-2026-46414 - Microsoft UFO WebSocket role spoofing allows authenticated peer task hijacking\nCVE ID : CVE-2026-46414\n \n Published : May 27, 2026, 9:54 p.m. | 37\u00a0minutes ago\n \n Description : Microsoft UFO open-source framework for intelligent automation across devices and pl...", "creation_timestamp": "2026-05-27T22:55:24.718825Z"}, {"uuid": "b32b3a97-f47c-442d-a948-0f0d93479dd0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-46414", "type": "seen", "source": "https://bsky.app/profile/thehackerwire.bsky.social/post/3mmupprp6ak2c", "content": "\ud83d\udfe0 CVE-2026-46414 - High (8.8)\n\nMicrosoft UFO open-source framework for intelligent automation across devices and platforms. In 3...\n\nhttps://www.thehackerwire.com/vulnerability/CVE-2026-46414/\n\n#infosec #cybersecurity #CVE #vulnerability #security #patchstack", "creation_timestamp": "2026-05-28T00:00:46.358825Z"}, {"uuid": "f14b3285-7a28-456b-a6a1-46d1b49a591e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-46414", "type": "seen", "source": "https://bsky.app/profile/offseq.bsky.social/post/3mmuzr6quda26", "content": "HIGH severity: Microsoft UFO 3.0.1-4-ge2626659 lets attackers spoof roles & hijack tasks via WebSocket. No patch \u2014 restrict token & client access now. Details: https://radar.offseq.com/threat/cve-2026-46414-cwe-290-authentication-bypass-by-sp-c8a9e703 #OffSeq #MicrosoftUFO #Security", "creation_timestamp": "2026-05-28T03:00:31.026182Z"}, {"uuid": "64c7bf97-182d-42d4-a827-04ece8a62030", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-46414", "type": "seen", "source": "https://infosec.exchange/users/offseq/statuses/116649966169277719", "content": "\ud83d\udee1\ufe0f CVE-2026-46414 (HIGH): Auth bypass in Microsoft UFO 3.0.1-4-ge2626659. Attackers can spoof roles & hijack device tasks via WebSocket. No patch yet \u2014 restrict server token & trusted client access. More: https://radar.offseq.com/threat/cve-2026-46414-cwe-290-authentication-bypass-by-sp-c8a9e703 #OffSeq #CVE202646414 #MicrosoftUFO #Vuln", "creation_timestamp": "2026-05-28T03:00:32.524517Z"}]}